Go to page

Involved In Discussions

We are developing internal Audit plan for nov'16 to Jan'17. (due for re-certification and transition to ISO 9001:2015 by April'17). This will be our first Internal Audit pertaining to ISO 9001:2015.

I have few queries related to how Internal Audit schedule and clauses to be covered from ISO requirements perspective.

1. Is it required to cover all elements of ISO 9001 before certification audit ?
2. Or it can be distributed (as per the importance and risk) as we followed for last 2 years
3. Can I follow a mixed approach of Process Audit and Conformity Audit? Example: For Purchase process - Conformity Audit
Marketing - Process Audit
* Is it mandatory to show process Audit against new version - ISO 9001:2015.

4. I understand that most of the requirements of ISO 9001:2015 is under Cl. 8 Operations and can be related to the main subclause.

In this case, what is the best way of link clauses while we do a process audit for customer oriented process ? Can you suggest any book or guidance on this perspective? Somewhat Like Sub-clause -- Base clause in PDCA cycle.

Is this termed as QMS system Audit? Is this requirement for Internal Audit ?

As per my understanding, training - Cls 4, 5 , 6,7 are system classes applicable to all processes, non-conformance to these elements can be only termed as Major Non-conformance -- meaning it is systematic failure seen across processes during an audit.

So I believe it becomes logical to have a method of doing an Audit plan - to see conformity to applicable clauses and relate it to the base clause.

The challenge is how to do this? How to identify and determine linkages under Cl no.s 8 to other system elements in ISO 9001:2015 while we do an audit of each department.

Re 1) and 2), if you don't cover one of the elements in your audit, you can bet your auditor will. Are you simply attempting to avoid doing audits, or are there gaps in your system? I would play it safe and audit all - nothing for your auditor to complain about then.

Involved In Discussions

Here's my take:
1. Is it required to cover all elements of ISO 9001 before certification audit ?
YES
2. Or it can be distributed?
Schedule future audits in a distributed fashion so that each clause of the standard is audited at least once per year.
3. Can I follow a mixed approach of Process Audit and Conformity Audit?
Yes, you must have both process or product internal audits as well as QMS audits. This will answer the question are you meeting the requirements of the standard and are you focusing on internal quality of your product to satisfy customer needs. It is a good idea to use the results of nonconformance analysis or car analysis to focus where you should do product or process audits.
Marketing - Process Audit
* Is it mandatory to show process Audit against new version - ISO 9001:2015.
Yes

Starting to get Involved

Dear,
What i understood from standard is that for each process ,you must use PDCA approach like 4,5.6-plan,7,8-Do,9-check,10-act ,(Clause-pdca) and in plan we have to consider the risk base approach is considered or not.

Quality and Auditing Expert

Your registrar will probably expect evidence that the complete standard has been covered in internal audits before converting your certificate to the revised standard. Some will want to see it's been done, plus a management review that includes results of these audits, before the audit takes place.

There is an expectation that the process audit be used for these audits. That means Plan-Do-Check-Act. It also means some clauses will be included many times throughout this cycle of process audits.

For each process, include:
4.2 Internal and/or external interested parties
4.4.1, 5.1.2, 6.1, 8.1 The process's inputs and outputs, what happens with the process, criteria, resources etc.; the risks identified, and what has changed since last audit; regulatory requirements, customer requirements.
4.4.2, 7.5 The documented information associated with the process, and their controls.
5.2.2, 5.3, 7.3 How the auditee(s) understands his/her role in supporting the Quality Policy and ensuring the customers' needs are met.
5.3, 7.4 The auditee(s) responsibilities and how they are made known.
6.2, 10.1, 10.2 The process objectives, are they being met; and if not, what is being done about it.
7.1, 7.2, 8.5 Training needed and accomplished for the tasks; competency. Infrastructure provided, maintenance is scheduled and done as planned. Environment is suitable and maintained for the process's intended outcomes. Measurement instruments as needed, calibration. Preservation, traceability of product/service.
8.4 Externally supplied products and services, if any.
8.7 Control of nonconforming outputs.
9.1 How the auditee(s) know if things are going well (monitoring and measurement)

The turtle diagram can be used to collect, sort and record data/samples for most of this information.

The support processes, such as document control, would not include many of these clauses. Information Technology processes would include a lot more of them than simple document control.

Don't forget: QMS processes like Internal Audit and Management Review must also be audited.

Quality and Auditing Expert

This audit program tool kit has been updated for the ISO 9001:2015 standard. It is designed to help with process auditing, and includes a risk-based Corrective Action log that charts results in a number of categories. This tool kit can be formatted to suit other quality standards by adding subclauses to the Audit Planner sheet.

Feel free to adapt it for your own use, but please remember this tool kit is copyright protected against redistribution and sale.

Starting to get Involved

This audit program tool kit has been updated for the ISO 9001:2015 standard. It is designed to help with process auditing, and includes a risk-based Corrective Action log that charts results in a number of categories. This tool kit can be formatted to suit other quality standards by adding subclauses to the Audit Planner sheet.

Feel free to adapt it for your own use, but please remember this tool kit is copyright protected against redistribution and sale.

Thanks! As someone who is just now dipping their toe into this whole ISO thing, my company has just made the decision to get certified, this certainly looks like a valuable tool. I don't quite have a handle on all of the requirements needed, but it sure looks like something that would be valuable to an organization with all of the pieces in place to utilize it.

Starting to get Involved

This audit program tool kit has been updated for the ISO 9001:2015 standard. It is designed to help with process auditing, and includes a risk-based Corrective Action log that charts results in a number of categories. This tool kit can be formatted to suit other quality standards by adding subclauses to the Audit Planner sheet.

Feel free to adapt it for your own use, but please remember this tool kit is copyright protected against redistribution and sale.

Hello Jen, I think your audit program Mgr is great! I have a question on sample modified turtle- are you saying that we can record a process and then add in our own inputs and output processes? I noticed that it has risk & opportunities then other clauses that are linked ( i think they are touch points) but where is the input and output identified? I wanted to use this in our transitional audit to AS9100D. So should I just start with your blank template form?

Quality and Auditing Expert

It is true that there is a lot to put on that sheet. The tools attached in the Cove are open source: they can be adapted to suit your needs. Here, I have altered the note form to include inputs and outputs. It is a good idea, especially when the inputs include customer specific requirements.